Last updated: May 22, 2026
DeltaLift is a strength tracking app built in Sweden. When this policy says "we" or "us", it means DeltaLift. If you need to reach us, email support@deltalift.cc. DeltaLift is the data controller for everything described below.
Account info. When you create an account, we store your email, password, display name, and gender. The email and password are only used to sign you in through Supabase Auth. Your display name is what appears on your profile, friends feed, and (if you opt in) the global leaderboard. Your gender is used during onboarding so we can pick the right anatomical heatmap model and calibrate strength rankings correctly.
Workout and fitness data. The core of DeltaLift is health and fitness data. That means the exercises, sets, reps, and weights you log, your custom exercises and workout templates, your body weight, height, body fat percentage, and any body measurements you choose to enter (chest, waist, hips, thigh, etc.). We use this data to generate your muscle heatmaps, calculate your 7-tier strength rankings (Iron through Radiant), build your 1RM progression and projection charts, award XP and levels, and unlock achievements. Without it, the app wouldn't have much to show you.
Engagement data. If you have an account, we also store derived stats like your current and best workout streak, total XP, level, achievements unlocked, and total workout count. These are calculated from your logs and used to drive level progress, streak displays, and leaderboard placement.
Social features (optional). If you use the social features, we also store your friend connections, your showcase, your profile picture, and any workouts you choose to share to the friends feed (along with reactions on those shares). Your name, avatar, recent workout activity, showcase, muscle heatmap, and shared workouts are visible to friends you've accepted. Nobody else can see them unless you explicitly opt in to the global leaderboard.
Global leaderboard (opt-in only). If you opt in (Friends → Leaderboard → Global), your display name, avatar, current streak, and rank become visible to other DeltaLift users who have also opted in. You can leave at any time, which removes you from the public ranking immediately. Opting out does not delete the data — it just hides it from the public ranking.
What we don't collect. We don't collect your location. We don't run advertising trackers or product-analytics SDKs — no Google Analytics, no Mixpanel, no Amplitude, nothing that profiles your behavior to sell back to advertisers. We do use Sentry for crash reporting (see Section 7) so we can fix bugs you hit in the wild. We don't sell or share your data with anyone for marketing. We only access your photo library if you choose to upload a profile picture. We do not access your contacts, microphone, or precise GPS location.
Everything you log is saved in local storage on your device using SQLite. The app works fully offline and your data is always available regardless of internet access — the device is the source of truth.
If you create an account, your data also syncs to Supabase, which hosts our cloud infrastructure on servers within the European Union. All traffic between your device and Supabase is encrypted with HTTPS/TLS, and row-level security policies make sure you can only access your own data. We don't transfer personal data outside the EEA unless a third-party service requires it, and only with appropriate safeguards like Standard Contractual Clauses.
Payment processing is handled by Google Play. While our database is in the EU, your billing information is processed by Google under their own privacy standards. To verify a Premium purchase, our backend receives the Google Play purchase token and product ID — nothing more.
Your local data stays on your device until you uninstall the app or sign out. Cloud data stays as long as your account is active.
When you delete your account, we permanently remove everything from our servers within 48 hours. That includes workout logs, personal records, body metrics, custom exercises, templates, profile info, achievements, streak history, friend connections, shared workouts, reactions, and leaderboard entries. All of it. You can still use the app offline after that. There are three ways to delete your account: through the app (Profile → Settings → Delete Account), through our web deletion page, or by emailing support@deltalift.cc.
Important: deleting your DeltaLift account does not cancel an active Google Play subscription. You have to cancel that separately in the Play Store, or you'll keep being charged.
Since we're based in the EU, GDPR applies. Here's what that means for you in plain terms:
Access — You can ask us for a copy of everything we have on you. Most of it is already visible in the app.
Correction — If something's wrong, you can fix it in the app or ask us to correct it.
Deletion (Right to be Forgotten) — You can ask us to wipe all your data. We'll do it within 48 hours. Delete your account in the app, use the deletion page, or email us.
Data portability — You have the right to get your data in a machine-readable format. Email support@deltalift.cc and we'll send you a JSON export within 30 days.
Restrict or object to processing — You can ask us to limit what we do with your data or object to processing entirely.
Complaints — If you think we're handling your data wrong, you can file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or your local data protection authority.
We process your data under three GDPR grounds. Most of it falls under contract (Art. 6(1)(b)) — we need your workout data and body metrics to actually provide the service you signed up for. Optional features like profile pictures, friend connections, shared workouts, reactions, and the global leaderboard fall under consent (Art. 6(1)(a)). Security and abuse prevention (e.g. detecting inflated streaks on the leaderboard) fall under legitimate interest (Art. 6(1)(f)).
We use Supabase for authentication, database hosting, and file storage (profile pictures). They process data in the EU and are GDPR-compliant. You can read their privacy policy here.
We use Sentry (hosted in Germany, sentry.io) to capture crash reports and unhandled errors so we can diagnose and fix bugs. When the app crashes, Sentry receives an error stack trace, the device model, the OS version, and the app version. It does not receive your workout data, body metrics, email, password, friends, messages, or anything you've typed into the app. If you're signed in, your account user-id may be attached to crash reports so we can look up whether the same bug is hitting other users — that's the only personal identifier Sentry sees, and it's used purely to triage. You can read Sentry's privacy policy here.
We distribute the app through Google Play, which handles subscription payments. Google processes payment data under their own privacy policy.
DeltaLift can be used offline without an account by anyone. By creating an account and using cloud features, you confirm that you are at least 16 years old, in line with the age of digital consent under Swedish law and GDPR. We don't knowingly collect personal data from anyone under 16. If you believe a minor has created an account, contact us at support@deltalift.cc and we'll remove it.
If we update this policy, we'll post the changes here and update the date at the top. For anything significant, we'll also notify you in the app. Continuing to use DeltaLift after a change means you accept the updated policy.
Questions about privacy or your data rights: support@deltalift.cc